Ransomware threats have become increasingly common in recent times. They have reinvented themselves with new tactics and patterns, and they are the new normal for the online community, which is doing its bit to get rid of them. Unlike the decade-old early versions of these threats, today's variants are far more dangerous and target users around the world, emerging with new names and patterns every day. In fact, several ransomware families contain members that produce very similar effects. Let's discuss the top 5 scary ransomware families of recent times.
Locky Ransomware: Locky ransomware surfaced in the middle of February 2016 and arrives through unsolicited e-mails. When Locky infects a system, it scans all drive letters and network shares for targeted file types and encrypts those files with the AES encryption algorithm. The AES key is in turn encrypted with an RSA key retrieved from the ransomware's Command & Control server. Once file encryption is done, it sets a desktop wallpaper demanding a ransom of 0.5 bitcoin and opens an HTML ransom note in the system's default browser. These ransom notes include directions for connecting to the Locky Decryptor page. It changes file extensions to .locky, .zepto and .odin (the latest). There are certain ways to decrypt Locky files, which you can follow, or you can take preventive measures such as running a quality security suite and not clicking on unknown links.
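The extensions listed above are a practical detection hook on a file server: a host that renames many files to .locky, .zepto or .odin in a short window is almost certainly running Locky. The following is an added example, not code from the original article; the audit-log line format, host names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions the article attributes to Locky variants.
LOCKY_EXTENSIONS = {".locky", ".zepto", ".odin"}
# Assumed audit-log line format: "<YYYY-MM-DD HH:MM:SS> host=<name> op=<op> path=<path>".
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) host=(\S+) op=(\w+) path=(.+)$")

def parse_line(line):
    """Return (timestamp, host, op, path), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3), m.group(4)

def has_locky_extension(path):
    """True if the final extension is one Locky appends (case-insensitive)."""
    return PureWindowsPath(path).suffix.lower() in LOCKY_EXTENSIONS

def detect_locky_hosts(lines, window=timedelta(minutes=5), threshold=5):
    """Map host -> largest burst of Locky-extension files it produced within any
    `window`-long span, for hosts whose burst reaches `threshold`."""
    stamps_by_host = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines
        ts, host, op, path = parsed
        if op in ("create", "rename", "write") and has_locky_extension(path):
            stamps_by_host[host].append(ts)
    flagged = {}
    for host, stamps in stamps_by_host.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:  # one stray file is ignored; a burst is not
            flagged[host] = best
    return flagged

# Constructed sample: ws-17 renames six files within a minute, ws-03 touches one.
SAMPLE_LOG = [f"2016-09-27 10:00:{i:02d} host=ws-17 op=rename path=\\\\fs1\\finance\\q3_{i}.xlsx.zepto"
              for i in range(6)] + [
    r"2016-09-27 10:02:30 host=ws-03 op=write path=\\fs1\finance\notes.docx",
    r"2016-09-27 10:03:10 host=ws-03 op=rename path=\\fs1\finance\old.pdf.ODIN",
    "not an audit line"]
```

Running `detect_locky_hosts(SAMPLE_LOG)` flags only ws-17; the single .ODIN rename on ws-03 stays below the threshold, which keeps the rule quiet on one-off false positives.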
Jigsaw: This extortion malware is named after the famous Hollywood slasher flick Saw. Depicting an image of the villainous character Billy, this ransomware threatens to delete chunks of the infected user's files and displays a ransom note in English and Portuguese asking for a payment of up to US$150. It threatens to delete files every hour if the ransom is not paid. It offers a live-chat option to answer the victim's questions about the ransomware. It even scares the victim by threatening to circulate their credentials and email/messenger history to all of the victim's contacts.
Crysis: This ransomware surfaced in February and is touted as an heir to TeslaCrypt. It targets individuals and enterprises and is distributed via malicious emails containing poisonous attachments with two different file extensions. Besides malicious emails and URLs, Crysis is also distributed via installers for legitimate apps such as WinRAR and Microsoft Excel. Crysis encrypts files and demands a ransom in bitcoins. It can also retrieve the user's credentials from the infected machine and remotely control the system by stealing and abusing administrator privileges.
CryptoWall: CryptoWall is a family of file-encrypting ransomware that gained notoriety after the downfall of the infamous CryptoLocker. It uses a CHM (compiled HTML help) infection mechanism, strong AES encryption and robust C2 activity over the Tor anonymity network. This ransomware has appeared under different names such as CryptoDefense, Cryptobit, CryptoWall 2.0 and CryptoWall 3.0. It is primarily distributed via exploit kits, spam campaigns and various malvertising techniques. Initial variants used an RSA public key to encrypt files, while later variants such as CryptoWall 3.0 use an AES key for file encryption. It collects payments in bitcoin over the Tor network.
CryptXXX:
These ransomware families have played a notorious role for a long time, affecting users around the world. They have surfaced under various names and with various effects, making it difficult to find a permanent solution for them. Though decryption keys are available for some of these threats, taking preventive measures against them is always advisable. Such measures include a good anti-malware program and behaviour changes such as avoiding unknown and malicious links and browsing safely.